N/A

Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

N/A

RSA Security Archer 跨站脚本漏洞

RSA Security Archer是英国RSA Security公司的一款企业IT治理和合规治理产品。该产品可以制定eGRC计划，用于管理企业风险、实现业务流程自动化等。 RSA Security Archer6.8 P4 之前版本存在跨站脚本漏洞，该漏洞源于经过远程身份验证的恶意Archer用户可能会利用此漏洞将恶意HTML或JavaScript代码存储在受信任的应用程序数据存储中。当应用程序用户通过浏览器访问损坏的数据存储时，恶意代码将由web浏览器在脆弱的web应用程序上下文中执行。

N/A

N/A